California Privacy Policy

California Privacy Policies

These policies apply to the U.S. operations of the following companies:  Berkshire Hathaway Assurance Corporation, Berkshire Hathaway Homestate Insurance Company, Berkshire Hathaway Specialty Insurance Company, BHHC Special Risks Insurance Company, BHHC Specialty Risk LLC, Columbia Insurance Company, Continental Divide Insurance Company, Cypress Insurance Company, National Fire & Marine Insurance Company, National Indemnity Company, National Indemnity Company of Mid-America, National Indemnity Company of the South, National Liability & Fire Insurance Company, Northern States Agency, Oak River Insurance Company, Redwood Fire and Casualty Insurance Company ,and Ringwalt & Liesche Co. (collectively, “we,” “us,” or “our”). These policies apply solely to individuals who reside in California (“consumers,” “you,” or “your”).   

 

California Gramm-Leach-Bliley Act Policy

We adopt this California Gramm-Leach-Bliley Act Policy to comply with the Gramm-Leach-Bliley Act (Title 15, Chapter 94, Subchapter I (commencing Section 6801) of the United States Code), the California Financial Information Privacy Act (Division 1.4 (commencing Section 4050) of the California Financial Code), the California Insurance Information and Privacy Protection Act (Division 1, Part 2, Chapter 1, Article 6.6 (commencing Section 791) of the California Insurance Code), and California regulations implementing such acts (Title 10, Chapter 5, Subchapter 5.9 (commencing Section 2689.1) of the California Code of Regulations) (collectively, “GLBA”). Any terms defined in GLBA have the same meaning when used in this policy.

 

Definitions

A “consumer” is a person who seeks or obtains products or services from us for personal, family or household needs. Only a natural person may be a consumer.

“Personal information” is information about a consumer that is not publicly available.

 

Information We Collect

We collect personal information from:

  • People who apply for insurance from us;
  • People who visit our website;
  • People we insure;
  • People involved in claims under our policies;
  • The consumer’s transactions with us, our affiliates, our agents or others;
  • Consumer reporting agencies or insurance support organizations; and
  • Other third parties including state motor vehicle departments.

Information we collect from an insurance-support organization may be kept by them. They may disclose it to others.

 

Information We Disclose

We do not disclose personal information, except as required or allowed by law. Sometimes we are allowed to disclose personal information without consent.

Examples of such disclosures include:

  • To a person who performs administrative, business, professional, or insurance functions for us;
  • To confirm eligibility for insurance benefits or payments;
  • To detect or prevent crime or fraud;
  • To insurers or agents that need it to perform an insurance function;
  • To insurers or agents so we can perform an insurance function;
  • To medical providers to confirm insurance coverage;
  • To insurance regulators;
  • To law enforcement;
  • In response to subpoenas, search warrants or other court orders;
  • For actuarial or research studies;
  • In connection with a sale of our business;
  • To an affiliate who is auditing us;
  • To a peer review group looking at the services or conduct of a medical provider;
  • To a public agency that may have paid health benefits for a consumer;
  • To a certificate holder or policy owner who wants to know the status of an insurance transaction;
  • To a person with a legal interest in a policy issued by us;
  • To rate advisory organizations;
  • To guaranty funds;
  • To rating agencies;
  • To our lawyers, accountants and auditors;
  • To a group policy owner to report claims experience;
  • To a group policy owner to conduct an audit; or
  • As otherwise required or allowed by law.

 

Information Security

We authorize our workers, agents, outside vendors and others to access personal information only when they have a business reason to do so. We have physical, electronic, and procedural safeguards to protect personal information from unauthorized access.

 

Right to Review & Correct Personal Information

A consumer may review personal information we have gathered about the consumer. The consumer may send a letter to: Chief Privacy Officer, 1314 Douglas Street, Suite 1400, Omaha, NE 68102-1944. The consumer may also submit a request by submitting their information via the following methods:

The request should include name, address, phone number, policy number and describe the records that the consumer wants to review. Upon receipt of this request, we will review our records and inform the consumer if we have the information sought and if it is reasonably locatable and retrievable. If it is, the consumer may review the information in person or request that we mail them a copy. We will disclose to the consumer who else received the information in the past two years or who would normally have received it in the past two years. We may charge the consumer a fee.

The consumer may ask us to fix mistakes in our records. If we agree, we will correct our files. Upon request, we will send revised information to a person who received information from us in the past 2 years. If we disagree, the consumer may file a short statement of dispute. The statement will be included with information we share in the future. Upon request, we will send the statement to a person who received information from us in the past 2 years.

 

Changes to Policy

We may change this policy at any time. We will provide advance notice of changes if required by law.

 

California Consumer Privacy Act Policy

We adopt this California Consumer Privacy Act Policy to comply with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (Title 1.81.5 (commencing Section 1798.100) of the California Civil Code) (the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this policy. Personal information subject to the California Gramm-Leach-Bliley Act Policy is not subject to this California Consumer Privacy Act Policy.

 

Information Practices

The following table identifies the categories of personal information we have collected about consumers and the categories of personal information we have disclosed for a business purpose to third parties in the last 12 months:

 

Category

Collected

Disclosed

Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers

Yes

Yes

Any of personal information described in Cal. Civ. Code § 1798.80(e) such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information

Yes

Yes

Characteristics of protected classifications under California or federal law, such as race, color, ancestry, national origin, religion, gender (including pregnancy, childbirth, or related medical conditions), disability, age (40 and older), genetic information, marital status, sexual orientation, gender identity and gender expression, AIDS/HIV status, medical conditions, political activities or affiliations, military or veteran status, or reproductive health decision making

Yes

Yes

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Yes

Yes

Biometric information, such as retina scans, fingerprints, faceprints, handprints, palmprints, vein patterns, voice recordings, voiceprints, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data

Yes

Yes

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Yes

Yes

Geolocation data

Yes

Yes

Audio, electronic, visual, thermal, olfactory, or similar information

Yes

Yes

Professional or employment-related information

Yes

Yes

Education information, meaning information that is not publicly available “personally identifiable information” as defined in the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 C.F.R. Part 99), such as student name, parent or other family member names, student or family address, social security number, student number, biometric record, date of birth, place of birth, or mother's maiden name

Yes

Yes

Inferences drawn from other personal information to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Yes

Yes

Social security, driver's license, state identification card, or passport number

Yes

Yes

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

Yes

Yes

Precise geolocation

Yes

Yes

Racial or ethnic origin, religious or philosophical beliefs, or union membership

Yes

Yes

The contents of a consumer's mail, email, and text messages unless we are the intended recipient of the communication

Yes

Yes

Personal information that reveals a consumer's genetic data

Yes

Yes

The processing of biometric information for the purpose of uniquely identifying a consumer

Yes

Yes

Personal information collected and analyzed concerning a consumer's health

Yes

Yes

Personal information collected and analyzed concerning a consumer's sex life or sexual orientation

Yes

Yes

 

Depending on your relationship with us, we may or may not collect every category of personal information identified. 

We collect personal information from the following categories of sources:

  • Directly from the consumer or someone providing information on the consumer’s behalf, such as an agent, broker, attorney or employer;
  • External data sources, such as insurance support organizations, consumer reporting agencies, and other companies that provide data related to a specific consumer, business, or property;
  • Via our website, directly or indirectly from information submitted through a web portal or through the use of cookies and other data tracking systems. Refer to our Website Privacy Policy for additional information;
  • Sources used to facilitate the transaction of insurance and the investigation of associated claims including, but not limited to, medical providers, regulators, auditors, attorneys, investigators, adjusters, and other insurance companies.

We disclose personal information to the following categories of third parties:

  • Entities that facilitate our transaction of insurance and the investigation of associated claims;
  • Third party administrators, independent adjusters, outside counsel, investigators, and other parties for purposes of investigating and resolving claims;
  • Regulatory and other government agencies;
  • Consumer reporting agencies or insurance support organizations;
  • Entities that have an interest in policies issued by us, such as certificate holders, additional insureds, group policy owners, or lienholders;
  • Insurers, reinsurers, policyholders, and claimants;
  • Entities who perform administrative, business, professional, or employment functions on our behalf;
  • To our lawyers, accountants and auditors;
  • As otherwise permitted or required by law.

We collect and/or disclose personal information about consumers for the following business or commercial purposes:

  • To operate, manage, and maintain our business, such as providing quotes for insurance, processing applications (either for insurance or for employment), establishing and servicing policies, claims handling, providing customer support, and furnishing other insurance services.
  • To assess and improve our product and service offerings, including the development of new products and services.
  • To perform data analysis.
  • To conduct marketing activities.
  • To detect and prevent fraud and other prohibited or illegal activity.
  • To maintain and enhance the security and safety of our systems, data, and workplace.
  • To hire qualified employees and maintain our workforce.
  • To comply with legal obligations and policies.
  • To bring and defend claims.
  • For other purposes as permitted by law or to which the consumer consents.

We do not collect or process sensitive personal information for the purpose of inferring characteristics about a consumer.

We do not sell or share personal information and have not sold or shared personal information about consumers in the last 12 months.

We retain personal information for at least the minimum period required by law. 

 

Consumer Rights

The CCPA confers certain rights on consumers regarding personal information, including:

  • the right to know what personal information we have collected about the consumer, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purposes for collecting, selling or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about the consumer;
  • the right to delete personal information we have collected from the consumer, subject to certain exceptions;
  • the right to correct inaccurate personal information that we maintain about the consumer;
  • the right not to receive discriminatory treatment by us for the exercise of privacy rights conferred by the CCPA; and
  • if the consumer is an employee, an applicant for employment, or an independent contractor, the right not to be retaliated against for the exercise of the consumer’s rights.

 

Exercising Consumer Rights

To exercise any of your rights under the CCPA, please submit a request to us by contacting us via one of the following methods:

We will contact you to collect additional information to verify your identity. Depending on the nature of the request, we will require you to provide either two or three pieces of information to allow us to verify that you are the person about whom we collected personal information. We may also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If we are unable to verify that you are the person about whom we collected personal information, we will notify you that we will not be able to respond to your request.

You may use an authorized agent to submit a request to us as described in this privacy notice. If an agent submits a request to us, we will require the agent to provide proof that you gave the agent signed permission to submit the request. If the signed permission is something other thana notarized power of attorney, we will also require you to verify your own identity directly with us or directly confirm with us that you provided the agent permission to submit the request.

For questions or concerns about our privacy policies and information practices, please contact us at (866) 720-7861. If you have a disability, you may contact us for information on how to access this notice in an alternative format.

This policy was last updated January 1, 2023.